redaction_derive/

lib.rs

//! Derive macros for `redaction`.
//!
//! This crate generates the traversal code behind `#[derive(Sensitive)]`. It:
//! - reads `#[sensitive(...)]` field attributes
//! - emits a `RedactionWalker` implementation that calls into a mapper
//!
//! It does **not** define classifications or policies. Those live in the main
//! `redaction` crate and are applied at runtime.

// <https://doc.rust-lang.org/rustc/lints/listing/allowed-by-default.html>
#![warn(
    anonymous_parameters,
    bare_trait_objects,
    elided_lifetimes_in_paths,
    missing_copy_implementations,
    rust_2018_idioms,
    trivial_casts,
    trivial_numeric_casts,
    unreachable_pub,
    unsafe_code,
    unused_extern_crates,
    unused_import_braces
)]
// <https://rust-lang.github.io/rust-clippy/stable>
#![warn(
    clippy::all,
    clippy::cargo,
    clippy::dbg_macro,
    clippy::float_cmp_const,
    clippy::get_unwrap,
    clippy::mem_forget,
    clippy::nursery,
    clippy::pedantic,
    clippy::todo,
    clippy::unwrap_used,
    clippy::uninlined_format_args
)]
// Allow some clippy lints
#![allow(
    clippy::default_trait_access,
    clippy::doc_markdown,
    clippy::if_not_else,
    clippy::module_name_repetitions,
    clippy::multiple_crate_versions,
    clippy::must_use_candidate,
    clippy::needless_pass_by_value,
    clippy::needless_ifs,
    clippy::use_self,
    clippy::cargo_common_metadata,
    clippy::missing_errors_doc,
    clippy::enum_glob_use,
    clippy::struct_excessive_bools,
    clippy::missing_const_for_fn,
    clippy::redundant_pub_crate,
    clippy::result_large_err,
    clippy::future_not_send,
    clippy::option_if_let_else,
    clippy::from_over_into,
    clippy::manual_inspect
)]
// Allow some lints while testing
#![cfg_attr(test, allow(clippy::non_ascii_literal, clippy::unwrap_used))]

#[allow(unused_extern_crates)]
extern crate proc_macro;

use proc_macro2::{Ident, TokenStream};
use proc_macro_crate::{crate_name, FoundCrate};
use quote::{format_ident, quote};
use syn::{parse_macro_input, parse_quote, spanned::Spanned, Data, DeriveInput, Result};

mod derive_enum;
mod derive_struct;
mod generics;
mod strategy;
mod transform;
mod types;
use derive_enum::derive_enum;
use derive_struct::derive_struct;
use generics::{add_classified_value_bounds, add_debug_bounds, add_walker_bounds};

/// Derives `redaction::RedactionWalker` (and related impls) for structs and enums.
///
/// Field attributes:
/// - `#[sensitive(Classification)]` treats the field as a sensitive string-like value and applies
///   the classification's policy via the active `RedactionMap`.
/// - `#[sensitive]` treats the field as a sensitive scalar (numbers, booleans, chars) and redacts
///   to their default values (0, false, etc.). `char` is a special case and redacts to `'X'`.
///   For string-like values, use `#[sensitive(Classification)]`. Scalars reject classifications.
///
/// For fields without a `#[sensitive(...)]` attribute, the derive traverses into the field via
/// `RedactionWalker`.
///
/// Unions are rejected at compile time.
///
/// Additional generated impls:
/// - `Debug`: when *not* building with `cfg(any(test, feature = "testing"))`, classified fields are
///   formatted as the string `"[REDACTED]"` rather than their values.
/// - `slog::Value` (behind `cfg(feature = "slog")`): implemented by cloning the value and routing
///   it through `redaction::slog::IntoRedactedJson`. **Note:** this impl requires the type to
///   implement `Clone`.
#[proc_macro_derive(Sensitive, attributes(sensitive))]
pub fn derive_sensitive(input: proc_macro::TokenStream) -> proc_macro::TokenStream {
    let input = parse_macro_input!(input as DeriveInput);
    match expand(input) {
        Ok(tokens) => tokens.into(),
        Err(err) => err.into_compile_error().into(),
    }
}

/// Returns the token stream to reference the redaction crate root.
///
/// Handles crate renaming (e.g., `my_redact = { package = "redaction", ... }`)
/// and internal usage (when derive is used inside the redaction crate itself).
fn crate_root() -> proc_macro2::TokenStream {
    match crate_name("redaction") {
        Ok(FoundCrate::Itself) => quote! { crate },
        Ok(FoundCrate::Name(name)) => {
            let ident = format_ident!("{}", name);
            quote! { ::#ident }
        }
        Err(_) => quote! { ::redaction },
    }
}

fn crate_path(item: &str) -> proc_macro2::TokenStream {
    let root = crate_root();
    let item_ident = syn::parse_str::<syn::Path>(item).expect("redaction crate path should parse");
    quote! { #root::#item_ident }
}

struct DeriveOutput {
    redaction_body: TokenStream,
    used_generics: Vec<Ident>,
    classified_generics: Vec<Ident>,
    debug_redacted_body: TokenStream,
    debug_redacted_generics: Vec<Ident>,
    debug_unredacted_body: TokenStream,
    debug_unredacted_generics: Vec<Ident>,
}

#[allow(clippy::too_many_lines)]
fn expand(input: DeriveInput) -> Result<TokenStream> {
    let DeriveInput {
        ident,
        generics,
        data,
        ..
    } = input;

    let crate_root = crate_root();

    let derive_output = match &data {
        Data::Struct(data) => {
            let output = derive_struct(&ident, data.clone(), &generics)?;
            DeriveOutput {
                redaction_body: output.redaction_body,
                used_generics: output.used_generics,
                classified_generics: output.classified_generics,
                debug_redacted_body: output.debug_redacted_body,
                debug_redacted_generics: output.debug_redacted_generics,
                debug_unredacted_body: output.debug_unredacted_body,
                debug_unredacted_generics: output.debug_unredacted_generics,
            }
        }
        Data::Enum(data) => {
            let output = derive_enum(&ident, data.clone(), &generics)?;
            DeriveOutput {
                redaction_body: output.redaction_body,
                used_generics: output.used_generics,
                classified_generics: output.classified_generics,
                debug_redacted_body: output.debug_redacted_body,
                debug_redacted_generics: output.debug_redacted_generics,
                debug_unredacted_body: output.debug_unredacted_body,
                debug_unredacted_generics: output.debug_unredacted_generics,
            }
        }
        Data::Union(u) => {
            return Err(syn::Error::new(
                u.union_token.span(),
                "`Sensitive` cannot be derived for unions",
            ));
        }
    };

    let classify_generics = add_walker_bounds(generics.clone(), &derive_output.used_generics);
    let classify_generics =
        add_classified_value_bounds(classify_generics, &derive_output.classified_generics);
    let (impl_generics, ty_generics, where_clause) = classify_generics.split_for_impl();
    let debug_redacted_generics =
        add_debug_bounds(generics.clone(), &derive_output.debug_redacted_generics);
    let (debug_redacted_impl_generics, debug_redacted_ty_generics, debug_redacted_where_clause) =
        debug_redacted_generics.split_for_impl();
    let debug_unredacted_generics =
        add_debug_bounds(generics.clone(), &derive_output.debug_unredacted_generics);
    let (
        debug_unredacted_impl_generics,
        debug_unredacted_ty_generics,
        debug_unredacted_where_clause,
    ) = debug_unredacted_generics.split_for_impl();
    let redaction_body = &derive_output.redaction_body;
    let debug_redacted_body = &derive_output.debug_redacted_body;
    let debug_unredacted_body = &derive_output.debug_unredacted_body;
    let mut slog_generics = generics;
    let slog_where_clause = slog_generics.make_where_clause();
    let self_ty: syn::Type = parse_quote!(#ident #ty_generics);
    slog_where_clause
        .predicates
        .push(parse_quote!(#self_ty: ::core::clone::Clone));
    slog_where_clause
        .predicates
        .push(parse_quote!(#self_ty: #crate_root::slog::IntoRedactedJson));
    let (slog_impl_generics, slog_ty_generics, slog_where_clause) = slog_generics.split_for_impl();
    let trait_impl = quote! {
        impl #impl_generics #crate_root::RedactionWalker for #ident #ty_generics #where_clause {
            type Output = Self;

            fn redact_with<M: #crate_root::RedactionMap>(self, mapper: &M) -> Self::Output {
                use #crate_root::RedactionWalker as _;
                #redaction_body
            }
        }

        #[cfg(any(test, feature = "testing"))]
        impl #debug_unredacted_impl_generics ::core::fmt::Debug for #ident #debug_unredacted_ty_generics #debug_unredacted_where_clause {
            fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
                #debug_unredacted_body
            }
        }

        #[cfg(not(any(test, feature = "testing")))]
        #[allow(unused_variables)]
        impl #debug_redacted_impl_generics ::core::fmt::Debug for #ident #debug_redacted_ty_generics #debug_redacted_where_clause {
            fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
                #debug_redacted_body
            }
        }

        #[cfg(feature = "slog")]
        impl #slog_impl_generics ::slog::Value for #ident #slog_ty_generics #slog_where_clause {
            fn serialize(
                &self,
                _record: &::slog::Record<'_>,
                key: ::slog::Key,
                serializer: &mut dyn ::slog::Serializer,
            ) -> ::slog::Result {
                let redacted = #crate_root::slog::IntoRedactedJson::into_redacted_json(self.clone());
                ::slog::Value::serialize(&redacted, _record, key, serializer)
            }
        }

        // `slog` already provides `impl<V: Value> Value for &V`, so a reference
        // impl here would conflict with the blanket impl.
    };
    Ok(trait_impl)
}